BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

5 steps to securing the small business (that don’t cost a penny)

Posted May 1, 2013    Andy Clark

pennyFor many small businesses there are considerable restraints on both budget and personnel that can make implementing a good security practice feel like an insurmountable challenge. Recent news gives us a constant reminder of the threats we all face from hactivists, electronic espionage, and good old fashioned script kiddies out to cause damage. These threats are very real and it makes good business sense to reduce your attack surface as much as possible. However, picking the right solution can become a daunting task, especially because of the heavy impact these solutions (and their implementation) can put on already tight margins. With that in mind, here are five steps that any business can take to improve security, without spending a penny.

1. Configuration

Let’s start with the basics. Configuring an environment is not just simply plugging everything together and letting it run. However, by making changes and implementing best practice on your network, operating systems, and applications you can significantly reduce your attack surface. BeyondTrust Research has produced a white paper In Configuration We Trust that includes guidance about how you can go about implementing some of these changes. To make life that little bit easier we’ve also produced a free tool that helps you assess your environment for some of the common configuration issues. Both of these free tools are available for download here.

2. Vulnerability Management

All systems have vulnerabilities. There I said it. Sadly this is a product of both human error and human ingenuity. The combination of mistakes made by developers and the increasing ingenuity of the hacker community has led to an inexorable rise in the number of exploitable vulnerabilities that are discovered and announced. Black market exploit tool kits are making it almost childishly simple for attackers to discover and exploit weaknesses in existing systems. It is every organization’s responsibility to keep their environment secure but to do this you need to know what holes exist. Vulnerability management is a great step towards achieving this goal. Retina CS Community edition is a free vulnerability management solution that can scan up to 256 assets and identify any vulnerabilities in configuration, operating system, and installed applications. The solution covers not just servers and desktops but databases, web applications and mobile devices. It also includes data on known exploits in the wild. Knowledge is power, go get some. Download Retina CS Community Free Now.

3. IDS

An Intrusion Detection System is one of those things that many organizations think they should have but never really understand. The solution is designed to track all of the network traffic in and out of your organization and highlight those instances that may be evidence of an attack. Network based appliances can be very expensive but there is an excellent open source alternative. Developed by Sourcefire, Snort®, is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS. All that is required is a system to host it. Snort can be found here.

4. Antivirus

There are many, many antivirus solutions available and they all have their pro’s and con’s. Since we’re going for free here there are a couple of options to consider. Assuming you’re running a Microsoft Windows platform you will have access to Microsoft’s Security Essentials. It’s by no means the best of the bunch but since it comes pre-installed it’s very easy to get started with. If you’re looking for something that has more advanced protection, then may I suggest the rather excellent Avast free antivirus, which can be found here. One thing to consider is that most malware attacks are looking to leverage elevated privileges, so by removing these you can decrease your vulnerability surface area considerably. BeyondTrust’s PowerBroker for Windows solution snaps into your existing active directory structure and allows you to elevate applications and processes at a very granular level, effectively removing administrator rights throughout your organization. For more information about PowerBroker for Windows and to begin a free trial visit us here.

 5. Education

All of the solutions I have described above are designed to mitigate risk from a technical perspective and are all very capable of doing so. However they cannot entirely protect you from the threat of social engineering. Phishing attacks are on the rise and these can be either very broad in scope or highly targeted against individuals. The value of an educated workforce that understands the risks cannot be underestimated. Whether it’s a bored office junior browsing the wrong websites or a CEO receiving individually crafted malicious emails, an understanding of the inherent risks of data leakage can greatly improve your response to attacks. Security-aware cultures are not created overnight and it will take time and effort on everyone’s part to achieve. This dedication is always worth the investment. To help make your program a success, SANS has some excellent free resources here.

Tags:
, , , , , , , , ,

Leave a Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,